package org.springframework.security.oauth2.server.authorization.token;

import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.springframework.lang.Nullable;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.core.ClaimAccessor;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsSet;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.0.2.jar:org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.class */
/**
 * Generates opaque ("reference" format) bearer access tokens.
 *
 * <p>The token value is a random string with no embedded claims. The claim set built in
 * {@link #generate(OAuth2TokenContext)} travels only on the returned object, so a party that
 * holds just the token string cannot read issuer, subject, audience or expiry from it.
 * Presumably those are resolved server-side (for example via introspection); that wiring is
 * not visible in this class.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>Tokens are issued as {@code BEARER}: possession of the value is the only proof of
 *       entitlement, so the value should be treated as a credential (kept out of logs and
 *       URLs).</li>
 *   <li>A configured customizer runs after the default claims are set and can overwrite any
 *       of them, including {@code exp}; the returned token takes its issued-at and expiry
 *       from the customized claim set.</li>
 *   <li>The scopes of the returned token are taken from the context's authorized scopes, not
 *       from the {@code "scope"} claim, so a customizer that edits the claim does not change
 *       the token's scopes and the two can diverge.</li>
 * </ul>
 */
public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OAuth2AccessToken> {
    // Source of the opaque token value: URL-safe Base64 without padding, key length 96.
    // NOTE(review): in Spring Security this generator is backed by a secure random byte
    // source and the length is in bytes (128 encoded characters) - confirm against the
    // spring-security-crypto version on the classpath.
    private final StringKeyGenerator accessTokenGenerator =
            new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);

    // Optional hook; null until setAccessTokenCustomizer is called.
    // NOTE(review): neither final nor volatile - presumably assigned once during
    // configuration, before tokens are generated concurrently; confirm.
    private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer;

    /**
     * Access token that also exposes the claim set it was generated with.
     *
     * <p>Decompiler note (JADX): the access modifier was changed from private, so the type
     * appears public here.
     */
    public static final class OAuth2AccessTokenClaims extends OAuth2AccessToken implements ClaimAccessor {
        private final Map<String, Object> claims;

        private OAuth2AccessTokenClaims(OAuth2AccessToken.TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt, Set<String> scopes, Map<String, Object> claims) {
            super(tokenType, tokenValue, issuedAt, expiresAt, scopes);
            // Stored by reference, no defensive copy is taken here.
            this.claims = claims;
        }

        /**
         * Returns the claims map handed to the constructor (the same reference).
         * NOTE(review): whether it is unmodifiable depends on what
         * {@code OAuth2TokenClaimsSet.getClaims()} returns - confirm.
         */
        @Override // org.springframework.security.oauth2.core.ClaimAccessor
        public Map<String, Object> getClaims() {
            return this.claims;
        }
    }

    /**
     * Builds a reference-format access token for the given context.
     *
     * <p>Decompiler note (JADX): "Can't rename method to resolve collision".
     *
     * @param oAuth2TokenContext the token request context; it is dereferenced without a null check
     * @return the generated token, or {@code null} when the requested token type is not
     *         {@code ACCESS_TOKEN} or the registered client's access token format is not
     *         {@code REFERENCE}
     */
    @Override // org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator
    @Nullable
    public OAuth2AccessToken generate(OAuth2TokenContext oAuth2TokenContext) {
        // Not an access token request: leave it to another generator.
        if (!OAuth2TokenType.ACCESS_TOKEN.equals(oAuth2TokenContext.getTokenType())) {
            return null;
        }
        // Only clients configured for opaque tokens are served here.
        OAuth2TokenFormat accessTokenFormat =
                oAuth2TokenContext.getRegisteredClient().getTokenSettings().getAccessTokenFormat();
        if (!OAuth2TokenFormat.REFERENCE.equals(accessTokenFormat)) {
            return null;
        }

        // The issuer is optional: it is only known when a server context is present.
        String issuer = oAuth2TokenContext.getAuthorizationServerContext() != null
                ? oAuth2TokenContext.getAuthorizationServerContext().getIssuer()
                : null;

        RegisteredClient client = oAuth2TokenContext.getRegisteredClient();
        Instant issuedAt = Instant.now();
        Instant expiresAt = issuedAt.plus(client.getTokenSettings().getAccessTokenTimeToLive());

        OAuth2TokenClaimsSet.Builder claimsBuilder = OAuth2TokenClaimsSet.builder();
        if (StringUtils.hasText(issuer)) {
            claimsBuilder.issuer(issuer);
        }
        // Default claims: the audience is the requesting client's own id, not-before equals
        // issued-at, and the claim id is a random UUID (an identifier, distinct from the
        // secret token value).
        claimsBuilder
                .subject(oAuth2TokenContext.getPrincipal().getName())
                .audience(Collections.singletonList(client.getClientId()))
                .issuedAt(issuedAt)
                .expiresAt(expiresAt)
                .notBefore(issuedAt)
                .id(UUID.randomUUID().toString());
        if (!CollectionUtils.isEmpty(oAuth2TokenContext.getAuthorizedScopes())) {
            claimsBuilder.claim("scope", oAuth2TokenContext.getAuthorizedScopes());
        }

        if (this.accessTokenCustomizer != null) {
            // The customizer receives the live builder, so it can add, replace or remove any
            // of the defaults set above.
            OAuth2TokenClaimsContext.Builder customizerContext = OAuth2TokenClaimsContext.with(claimsBuilder)
                    .registeredClient(oAuth2TokenContext.getRegisteredClient())
                    .principal(oAuth2TokenContext.getPrincipal())
                    .authorizationServerContext(oAuth2TokenContext.getAuthorizationServerContext())
                    .authorizedScopes(oAuth2TokenContext.getAuthorizedScopes())
                    .tokenType(oAuth2TokenContext.getTokenType())
                    .authorizationGrantType(oAuth2TokenContext.getAuthorizationGrantType());
            if (oAuth2TokenContext.getAuthorization() != null) {
                customizerContext.authorization(oAuth2TokenContext.getAuthorization());
            }
            if (oAuth2TokenContext.getAuthorizationGrant() != null) {
                customizerContext.authorizationGrant(oAuth2TokenContext.getAuthorizationGrant());
            }
            this.accessTokenCustomizer.customize(customizerContext.build());
        }

        OAuth2TokenClaimsSet claimsSet = claimsBuilder.build();
        String tokenValue = this.accessTokenGenerator.generateKey();
        // Issued-at and expiry are read back from the (possibly customized) claim set; the
        // scopes come from the context rather than from the "scope" claim.
        return new OAuth2AccessTokenClaims(
                OAuth2AccessToken.TokenType.BEARER,
                tokenValue,
                claimsSet.getIssuedAt(),
                claimsSet.getExpiresAt(),
                oAuth2TokenContext.getAuthorizedScopes(),
                claimsSet.getClaims());
    }

    /**
     * Registers the hook that may adjust the claim set before the token is created.
     *
     * @param oAuth2TokenCustomizer the customizer to apply; must not be {@code null}
     *        (enforced with {@code Assert.notNull})
     */
    public void setAccessTokenCustomizer(OAuth2TokenCustomizer<OAuth2TokenClaimsContext> oAuth2TokenCustomizer) {
        Assert.notNull(oAuth2TokenCustomizer, "accessTokenCustomizer cannot be null");
        this.accessTokenCustomizer = oAuth2TokenCustomizer;
    }
}
